Info from Back: "The Security+ Study Guide & DVD Training System is a one-of-a-kind integration of text, DVD-quality instructor led training and Web-based exam simulation and remediation. This system gives you 100% coverage of the official CompTIA Security+ exam objectives plus test preparation software for the edge you need to pass the exam on your first try."

Introduction

I was interested in reviewing this book as I am planning on taking my Security+ exam sometime in the next couple of months (when time and funds allow). From various mailing lists and forums I am subscribed to I have seen that this book is well regarded as a tool to study for the Security+ exam.

The Security+ exam is a fairly broad exam aimed at people starting out in InfoSec professionally, ideally those that are already adept at networking and computing in general. More information about Security+ in general can be found here:

After looking at Security+ for a while I felt that I was fairly strong in all areas apart from perhaps Cryptography which is an area I'm quite new to. I have been looking at it for a while, but maths is not my greatest forte so it takes me a little bit more study than most other things. I was also interested in this book as it also has an accompanying DVD training guide. This is not a form of training I have experienced before so I was interested to see how this would work.

Obviously this a very specific book on the surface as it's aimed at one particular certification, but I also believe it's a useful learning guide for anyone starting out in Information Security.

Contents

The book starts with a lowdown of all the contributors and authors, what certs they hold and their experiences/other publications. After this is a complete Table of Contents with the CompTIA Security+ Exam Objectives.

There are 3 domains in the Security+ exam:

Domain 1.0 General Security Concepts

Domain 2.0 Communication Security

Domain 3.0 Infrastructure Security

Domain 4.0 Basics of Cryptography

Domain 5.0 Operational and Organization Security

After this there is a Foreword which explains the Security+ exam, Path to Security+ (Prerequisites, Preparation, Exam Objectives (expands each domain)) and a few test taking tips.

Then it goes straight into the first Domain, general security concepts. There is one Appendix after all the information which provides complete Self Test questions, answers and explanations for each chapter.

Outline of chapters

Access Control, Authentication and Auditing

Attacks

Remote Access and E-mail

Wireless

Web Security

Devices and Media

Topologies and IDS

System Hardening

Basics of Cryptography

Public Key Infrastructure

Incident Response

Policies and Disaster Recovery

In addition to the book there is also the DVD, the first thing I did was pop it in my DVD player and it fired up with a nice menu allowing you to choose by chapter (1 chapter per each chapter of the book!) or just to play the whole thing.

Very nice!

After this I put it in my PC in the DVD drive, there was no PC-added content, just the same presentations. It took me about 4 tries to get it to read the DVD though as it looked as though it had been trodden on or something (this is no reflection on the quality of the contents though).

And register your book using the drop-down menu and entering the Keycode you are prompted for, which in this case is on the 3rd page in. You can then select the book in your profile and download the ebook and take the online exam by clicking "Security+ Practice Exam".

I will take the online exam when I have more time to review the course materials and do a little bit of study (also the exam is 90 minutes). It has a natty little timer in the corner to let you know how you are doing and a full review of the answers you gave at the end.

Style and Detail

Even though the book is written by many people the style is fairly fluid and easy to follow, each chapter is packed with useful information and tips above and beyond the basic objectives of the Security+ exam. Some may say this is a bad thing, and perhaps if you are only doing this cert to get the piece of paper then yes it may be bad. I am doing it to learn more about Information Security in general and to better myself.

Each chapter starts with an Introduction to that topic and an introduction to each sub-topic as it moves along. It has things such as "Exam warnings" which are common places people slip up (e.g. not learning all the acronyms such as AAA, CIA, DAC, MAC RBAC etc.). Each time a CompTIA objective comes up it is clearly labelled in the margin so you can pay attention to that section.

There are also "Notes" with more information about each sub-topic, "Head of the Class" boxes which contain information over and above the basic curriculum and "Notes from the underground" containing information regarding common hacking practices.

In each section there are practical exercises which explain using real life scenarios the concepts covered in that section, there are plenty of screen-shots where relevant and things like command-line syntax used with various tools.

At the end of each chapter there is a Summar of the Exam Objectives and an Exam Objectives Fast Track containing all the key points for the chapter so you check you have covered everything. Following this there is an Exam Objectives FAQ with common questions from real life Security+ classes then a Self Test with a Quick answer key (full answers are in the appendix at the back).

The DVD is in a presentation format with a slide show in the background, a general class-room sort of situation.

The guy presenting is talking more to the class than the camera and people do ask questions, but it was specifically filmed for the book.

It is rather dry, but on the whole quite well presented and definitely gives you a new format to study with. If you have had enough of reading for a while you can stick the DVD in and go through a couple of chapters. I put it on while I was doing some other stuff so I could listen to it (it's not particularly visual on the whole). There are a few demonstrations of things from other people (how to use PGP for example).

Conclusion

As I am not reviewing the exam I will not go into my results so far with the self-tests, but as the book goes I picked a few chapters to thoroughly investigate (a couple that I am already confident on (Attacks and Hardening) and a couple I am not (Encryptions and PKI's). I found the book very easy to read and the information is excellently laid out. As I mentioned above there is more information than you actually need, but the book is laid out in such a manner you could just locate the bits you wanted and carry on with the Exam.

All in all I would thoroughly recommend this book, even if you don't want to sit this cert it covers all pertinent areas of security in a reasonable amount of detail. As for the effectiveness of the book I shall post again in this thread after I've taken this exam. But bare in mind I'll also be using various online resources and other information I have access to as I would expect anyone else doing such an exam to do.

The DVD gives a new twist to studying for a cert and is a welcome addition although I would say if you are going to give a DVD, make it a LOT more visual and interesting to watch.

I give it a 8/10

This review is copyright 2003 by the author and Security-Forums Dot Com, and may not be reproduced in any form in any media without the express permission of the author, or Security-Forums Dot Com.

Last edited by ShaolinTiger on Sun Jan 18, 2004 8:44 pm; edited 5 times in total

I too have purchased the Study DvD System and was pleased as well but I did find that some of the content was more gearded toward maybe someone whom had previous networking/administration experience. I did give it a thumbs up however for someone whom may be knew to networking it is a wee bit to in-depth but thats what the author stated on the DVD. For testing purposes I would have to say that I would have to rank it as a nine

Last edited by Cerebro on Tue Sep 23, 2003 7:29 pm; edited 1 time in total

I too have purchased the Study DvD System and was pleased as well but I did find that some of the content was more gearded toward maybe someone whom had previous networking/administration experience.

I would agree with you and I put such in my review. Also the Security+ cert is not aimed for people totally new to computers, they recommend Network+ and A+ but that isn't enforced.

Cerebro wrote:

I did give it a thumbs up however for someone whom may be knew to netwoorking it is a wee bit to in-depth but thats what the autjhor stated on the DVD. For testing purposes I would have to say that I would have to rank it as a nine

I cannot stress enough how great this book is!!! Very well composed and very detailed. The DVD is a plus more like something to watch right before the test. I sums up everything. Its no really to help you learn. Great learning system including the web based testing (www.syngress.com/certification). I'm sure I will continue to buy cert books from Syngress.

If it wasn't for the review I wouldn't have found it. Thanks Shaolin!!

As long as you bought the Security+ Study Guide Second Edition you will be fine.
Even the older edition ought to be OK, but I know they have released some updates to some of the CompTIA exams - A+ for sure, not certain about Security+